Shocking video of a girl attacked by a shark? OMG – it’s a colourful clickjack attack

Hot on the heels of other recent scams spreading virally across Facebook, we’re now seeing another – this time posing as a link to an alleged shocking video of a girl being attacked by a shark.

Thousands of messages have been posted by Facebook users reading:

OMG The Most Shocking Video Caught On Camera Girl Being Attacked By A Shark

OMG The Most Shocking Video Caught On Camera Girl Being Attacked By A Shark

If you click on the link you are taken to a Facebook page which fools you into believing you are about to watch a video. All you need to do (they say) is click on the red button and the blue button.

OMG shocking video of a girl attacked by a shark

If you agree to click on the coloured buttons (and I have to wonder why you would) then you are actually being clickjacked – secretly liking and sharing the link with all of your Facebook friends. You’re in good company at least – thousands of other Facebook users have done the same..

Link to shark video page posted on your Facebook page

And now you’re a fan of that page they’re free to send your updates and messages, and potentially spam you or send you malicious links. What’s worse – you’ve endorsed the page and shared it with your online mates.

All because you wanted to watch a shocking video of a girl being attacked by a shark.

In just the time it’s taken me to write this blog post, some 1000 more people have agreed to “like” this page. I wonder how they would feel if they realised they had been scammed into helping the bad guys spam out their link?

If you have Facebook friends who you believe are acting unsafely online invite them to join the Sophos page on Facebook.